Comments for TrueCrypt WTF
A blog covering security and security technology.

Comment from Vincent on 2014-10-31 (http://realmofvincent.com/)
Here is my analysis of the implications of Truecrypt's demise. I wrote it just over 3 weeks after the initial news about this incident broke.
Comment from Gorgo on 2014-07-28
"WARNING: Using TrueCrypt is not secure as it may contain unfixed security issues"

This message is entirely legible if one reads from the perspective of the authors. They, after all, already know why they abandoned TrueCrypt, and they apparently feel no need to address that point.

Therefore, they only instrumentally address future users -- two years, five years, ten years down the road. From that perspective, it's quite reasonable to say TC "may contain unfixed security issues." A couple of years from now, it very well might.

The sentence doesn't imply that TC currently contains mysterious unfixed errors. The authors are simply writing to posterity.

The final message is "Using TrueCrypt is not secure." Again, this is just accurate from the perspective of the needs of the audience that the authors are imagining. If TC is not being developed, then when Joe Blow stumbles on it in 2018, this warning will be entirely true and accurate. Who would use an encryption tool that hasn't been updated in five years?

It's like parking your trusty, well-made car in an alley, walking away forever, and leaving a sign advising that it might have mechanical problems that make it unsafe to drive. Of course it might: you know you're never coming back, and you have no idea how long it will sit there, rusting into obsolescence.

Providing a means for folks to decrypt their data and thereby safeguard it against the ravages of time is, again, prudent and even obvious best practice.

Finally, is it not possible that BitLocker is actually good enough? That seems to have been the conclusion right here in 2006:

My guess is that the authors simply made TC as good as it could be made under XP, then found themselves absorbed in other priorities and let it go. The closing message is just due diligence from that perspective.

If you wanted to put me in prison or kill me, would it help to have my name, place of business, and home address? Anonymity has its benefits for people who build things that attract the attention of aggressive people.

Comment from TC on 2014-07-10
I never realized until now that the authors of Truecrypt are anonymous? Why?

Comment from Sam on 2014-06-19
I'm just wondering if this is the reverse of the NSA conspiracy theory - i.e. the NSA paid off the TrueCrypt developers to add a vulnerability, but now the Open Crypto Audit has published its report saying that it's a largely solid piece of software, the devs are ducking and running :)

WARNING: Using TrueCrypt is not secure as it may contain unfixed security issues

"as it MAY" = doubt, uncertainty, inconsistency

Why would the master of this here masterpiece have any doubt about his code until now? (and not earlier on?). There's been so much time to look over it again and again and again. Having to panic just now in my mind triggers an image of someone having been invaded/altered in his/her life/work/etc.

As someone above me said, there is no need for the developer to point out security flaws, as all the previous updates have been done silently, patching up holes, without catching too much attention, so why give up NOW? (notice how the order in which events occur here is very VERY important).

NSA can't stop people from using TrueCrypt, or remove it manually from everybody's computer, BUT THEY CAN MAKE YOU BELIEVE SOMETHING, SO YOU CAN REMOVE IT YOURSELF.

Keep using TrueCrypt friends, NSA can suck it.

Comment from Mike the goat (horn equipped) on 2014-06-13 (http://mikethegoat.wordpress.com)
Nick: exactly - you could write an RFC or spec document for a technology and we could both end up with wildly different approaches to comply.
Comment from Nick P on 2014-06-12
@ Wael

"How have you guarded it by sharing it with us?"

Some is still secret, some is semi-shared, and some is fully shared. Even the fully shared I.P. is typically at design level minus some implementation details. Any derivative product is a *knock-off* of a high level description of my own work. What it's not is *my* product, which might retain its unique advantages or legacy.

Not sharing any actual high assurance products also has legal and extra-legal advantages in the Cover Your A** area of INFOSEC work. Especially in the United States.

One of the reasons I always guarded my I.P. (and how it was extended) is I worked hard to ensure its quality and security.

How have you guarded it by sharing it with us? Perhaps the fact you shared on this blog is the method, like @ Dr. Kevorkian did? It's a double edged sword, I do remember some of our discussions that ended up in academic papers, for example here
which reminds me of something...

@AC2,

Not to worry, the next version will use a planchette, much faster and more secure...

Whats the status? :)

@Nick P,

The last thing I want is someone taking it over, re-architecting it, etc to some great negative effect.

"Re-architecting" implies there was an "architecture" to start with :)
Comment from Nick P on 2014-06-11
@ Bill Cox

It's possible. One of the reasons I always guarded my I.P. (and how it was extended) is I worked hard to ensure its quality and security. The last thing I want is someone taking it over, re-architecting it, etc to some great negative effect. Then, it might come back on my professional reputation or me personally somehow. Let's just call that "the wisdom of crowds." I try to avoid it. ;)

Comment from Bill Cox on 2014-06-11 (http://GeekCrypt.net)
Here's my new theory about what happened to TrueCrypt:

These guys released their best version ever, 7.1a, in February 2012. They had a party, said goodbye, and moved on with their lives. Everyone assumed that since it's open source, some new guys would come along to take over the project. Instead, for two years, there were no security updates, and no credible fork. TrueCrypt was languishing. One of the developers decided to force the world to take action. He pulled that amazing stunt, complete with recommending everyone use Microsoft BitLocker. Now he's kicking back with a beer and watching the world go nuts. It's like kicking an ant hill.

Where did you get the cage from? Did you verify the material? Did you verify the testing equipment free of subversion? And does your cage deal with bugs outside common frequency ranges or using techniques such as ultrasound or infrasound?

Unfortunately, the rabbit hole doesn't stop at Faraday cages.

Comment from Wael on 2014-06-11
@Mike the goat,
I believe I Ganzfielded one or twice...
You can live like Edward Abbey. No Faraday cage needed. All is needed is appreciation of solitude...
Comment from Mike the goat on 2014-06-11 (http://mikethegoat.wordpress.com/)
Wael: the problem is - nobody and nothing can be trusted. I am going to have to start living in a freaking Faraday cage. Okay, scratch that - I will need to go into one of those anechoic chambers. You know, they say that you go slowly mad if you spend too long in such an environ. I guess it is an acoustic take on the Ganzfield effect.

Bill: I hope my little article on your project was okay.

Comment from Wael on 2014-06-09
@ Mike the goat,

A small board with SATA power and data on each side such that it sits inline between disk and controller.

I guess customizing a self encrypting drive (SED) is not to be trusted either.
Comment from Bill Cox on 2014-06-09 (http://GeekCrypt.net)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

@Mike the goat:

What worries me is that the massive number of forks that are springing up may
work to further fragment and reduce confidence in the truecrypt code.

SFAIK, there are only two efforts to revive TrueCrypt: truecrypt.ch, and CipherShed.org.
At CipherShed.org, a primary goal is to merge efforts with truecrypt.ch, so hopefully
there will be only 1 fork. Two others are VeraCrypt and RealCrypt, but those are existing
projects, not new forks.

Last week, compul, srg, frank, PID0, and others did an incredible job moving CipherShed
forward. I ran what has become the CipherShed project like a dictator for maybe 24 hours,
and then gave away all control over the domains, web sites, email list, github repository,
and social media accounts to those who seem genuinely interested and talented at such
things. I am gaining confidence rapidly in the CipherShed team, and look forward to being
part of it. I firmly believe CipherShed will save TrueCrypt.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.13 (Cygwin)

Comment from Mike the goat on 2014-06-09 (http://mikethegoat.wordpress.com/)
Wael: forgive me, satyrs aren't exactly known for their short term memory. I assume those links are of beer labels? Interesting... :)
Comment from Wael on 2014-06-07
@Mike the goat,

I haven't seen either of you around for a few days - but it may just be my early onset senility.

What do you mean? We chatted twice in the past two days! Cut back on the dose, bud… I wouldn’t worry too much about Pan, some TLA caught him forking TrueCrypt, and asked him for the password. He claimed he forgot it. They gave him some "Memory Enhancers" — rubber hose crap didn’t work well on him. Some say he committed suicide (shot himself 14 times in the head), and some say he had a mild allergic reaction to it…
Comment from Mike the goat on 2014-06-07 (http://mikethegoat.wordpress.com/)
Wael: I am afraid that our god would not be too happy with all this talk of removing (quite necessary, I might add) appendages from his brethren. :-). Glad to see you and Dirk are back commenting. I haven't seen either of you around for a few days - but it may just be my early onset senility.
Comment from Wael on 2014-06-07
@Mike the goat,

please don't use it against us.

It'll cost you a hoof, a horn, and a tail.
I'll leave the other part for you :)
You'll no longer be a Satyr.
Comment from Mike the goat on 2014-06-07 (http://mikethegoat.wordpress.com/)
Wael: now you know, please don't use it against us.
Comment from Wael on 2014-06-07
@Mike the goat,

when I am posting from my smartphone. Yeah, I know you were expecting something more interesting :-).

I guessed it's a flag of some sort, just didn't know what state it indicates :)
Comment from Mike the goat on 2014-06-07 (http://mikethegoat.wordpress.com/)
Bill: What worries me is that the massive number of forks that are springing up may work to further fragment and reduce confidence in the truecrypt code. I haven't seen anyone yet turn around and say, "yes - we like everything that TC has done, but it has significant systemic issues that can't easily be resolved by hacking the existing code base" and then work to make a fresh implementation that attempts to address the deficiencies in TC whilst maintaining the on-disk format for backwards compatibility. I don't believe any group has done this yet.
Comment from Bill Cox on 2014-06-07 (http://GeekCrypt.net)
@Zonzo

Yes, I've looked into VeraCrypt, and exchanged a couple of emails with the author, inviting him to work with the TC fork where I'm participating (now called CipherShed.org). The author sounds like a decent low-level coder, and has some ideas for supporting UEFI drivers, so we could drop the code requiring a Microsoft compiler from 1991. The RealCrypt fork seems clean to me, and I think that project provides a decent template for what has to be done to conform to the TrueCrypt 3.0 license.

Those of us participating at CipherShed.org still want to merge with the truecrypt.ch effort, but their forum is down, and there's been little communication... Hopefully it will all work out.

Comment from Mike the goat on 2014-06-07 (http://mikethegoat.wordpress.com/)
NWFOR: I like the idea of a team. Perhaps we can call ourselves "Ocean's seven"; then again, maybe it will be "Ocean's six" assuming that one of us has to be Ocean and that Ocean is presumably not included in the count. *mind blown* ;-) Seriously though, nwfor - you know my feelings about this and I'd do whatever I could to facilitate such an 'open hardware' movement.

Somebody: you're right and I agree with you up to a point. Sure, open source projects can indeed have vulnerabilities -- nobody is downplaying that. I believe that FOSS projects, when run in an open, transparent and sensible manner (and the latter has to include having source code management procedures and importantly asking the opinion of and forwarding any modifications made by the maintainers to the actual source package's author; as well as more stringent auditing on security/crypto code) are more likely to be safer than closed source projects. I expect that we have had several such massive fails with, say Windows, and we haven't heard anything about it or they have been quietly fixed in the next release.

Dirk: good to see you back!

Wael: when I am posting from my smartphone. Yeah, I know you were expecting something more interesting :-).

Comment from Wael on 2014-06-07
@ Mike the goat,
When are you "horn equipped"?
Comment from Sorko on 2014-06-07
What about a fork of truecrypt, already freely available?

Comment from Wael on 2014-06-07
@name.withheld.for.obvious.reasons,
RE: Arduino...
Oh, man! AVR 8-bit? Been a long time since I messed with those! They were good for crypto stuff -- 3DES. I hear some hackers used them (the AVR) on an extender card to simulate smart cards on Satellite receivers. They got free channels ;)
So what would be the difference between the Arduino and something like this: http://www.atmel.com/tools/stk500.aspx ? Open Source Hardware would not describe the internals of the micro-controller, would it?
Comment from Nick P on 2014-06-06
@ Globo

Well said. :)

Comment from Globo on 2014-06-06
I am the NSA and have the problem that I cannot read TC files. What am I going to do? I tell my partner Microsoft to make Windows detect when TC is running. Windows then extracts the keys and encrypts them and siphons them out home - together with the unique ID of the hard drive on which the TC volume was created. Problem solved. For Linux I add the same functionality myself, I mean, for what do I have my exploits? What I want to say: the developers are sooo true when they state that TC is not secure, cannot be, given zero endpoint protection.
Comment from Siphon_Soul on 2014-06-06
The question here is: presuming there is an outside player who has the goal of undermining TC security, is the outside player able to do this retroactively? Has a vulnerability been discovered that allows outside player to decrypt files made with earlier versions of TC, or is the outside player aiming to undermine future versions.
So:
a) Genuine message, volumes made with all or some of previous versions are at risk
b) Genuine message, volumes made (or opened) with future versions are at risk, but not current (7.1a) and earlier
c) False message, the software works as intended, which is why OP wants less people using it.

These possibilities take into account security problems that stem from the OS, not from TC code itself.
So where do you place your bets?

Comment from Somebody on 2014-06-06
To all those demanding that we all dump Windows and use Linux and open source.

Good news. Debian had a REDUCED ENTROPY Random number generator for TWO YEARS

Comment from Wael on 2014-06-06
@ name.withheld.for.obvious.reasons,
Re: Open source HW:
What sort of designs are they?
Comment from Wael on 2014-06-05
@ Mike the goat (horn equipped),

store my secure material on ancient hardware (SPARC) that should be old enough to either predate government interest in IT surveillance...

Yes, good approach given the information we have and the scarcity of viable alternate solutions... However, IT surveillance, I believe, was not missing in the relatively early days. Remember Clifford Stoll's "The Cuckoo's Egg"? It probably predates your SPARC station...

Obviously the solution lies in building a "verifiable" computer.

Verifiable by whom? That's the question.
Comment from Dantz on 2014-06-05
@bae24d3fff
Some of us are at Wilders (wilderssecurity)
Dan/Dantz
Comment from name.withheld.for.obvious.reasons on 2014-06-05
@ Dirk, Nick, Clive, Wael, RobertT, Buck, Mike the Goat
Looks like it is just a few short of a team...I intend to release previously proprietary designs (my company) in open source form. One issue is liability, software licensing under a GPL, Gnu, or Stallman framework is different than in hardware. This I believe is the first component of a "true" open hardware effort that focuses on integrity and traceability.
Each of you has identified various components, devices, and sub-systems that would be part of a deliberate architecture that can be openly developed and can be robust against deliberate attempts at subversion. I will continue to advocate for simple, scalar, and performance based designs that do not sacrifice the robustness that everyone here has recognised as problematic. It seems to fall to groups like these, and is the perfect test bed, for just such an effort. Formalizing an arrangement (logistics) is the second component to such an effort. I don't think the current FOSS funding and mission is sufficient to be useful or productive. The focus resembles a "forest for the trees" problem. Parallel to the HW licensing issue is a certification process that can be drafted that serves the mission of producing a piece of hardware that doesn't get labeled 'CE'.

@ Dirk
I too share with many the return of another thoughtful and deliberate thinker back to the realm--I'd sensed a disturbance in the force...

By the way, two of my VAXes have returned from mothballs and will be joining the enclave in the Faraday lab.

It's an unsolvable problem in the absolute case. It's just a matter of where one draws the lines. For software, it's fairly straightforward and I've already got enough work covering that (for "correctness," anyway). For hardware, another matter entirely as I'm still working on that.

@ Dirk Praet

DIIIRK!!! What's up dude!

Good to see you again. Glad you're getting your mind and body into even better shape. That you have years on me and are pulling that much weight gives me less excuse to be dodging the gym. ;) Hope things keep working out for you.

@ Mike the goat

Yes the past shows us that quite usable (and still inspectable) chips can be built. The fab model doesn't help there as RobertT showed us one type can be hidden in another without a chance of optical or electrical inspection finding it. That leaves much older tech, like discrete logic chips. (Pauses) Darnit, same problem! (Sighs) My latest itch on that is to create an architecture portable to many older chips, write emulators for it, and then make a board with nothing but old CPU's/DSP's emulating various chips for that architecture. Is the situation really bad if I'm considering extreme nonsense like that?

Re 386 link

It's certainly interesting from a board hacker perspective. Might have useful information. My interest in these old things is to create a board from modern components that integrates with them. We leverage COTS stuff where using it doesn't present trust issues. The very programmable stuff, esp CPU, is from old servers. They have to integrate on same board. The link seemed to be a guy trying to shoehorn a chip into a board totally not designed for it. I'm sort of doing the opposite, although I see myself running into similar issues if I try. I had no idea the 386 was so complicated to get into a board, though.

Comment from Wael on 2014-06-05
@Dirk Praet,
Glad to find you are well. Was wondering what happened to you...
Comment from Dirk Praet on 2014-06-05
@ Clive

Thanks for the concern, Clive, but I am doing quite all right indeed.

I have been taking some time off to pursue other things like learning Japanese and getting my body back in shape through intense cross-fitness. "Mens sana in corpore sano" and that sort of stuff. The former is going quite well, whereas the latter has been yielding quite some spectacular results too. Never thought I'd be able to deadlift 400 lbs. and do 21 pull-ups in 30 seconds at my age.

@ Mike the goat, @ Wael

What I would like is some sort of Raspberry Pi with all verified components. Would make for an interesting open source hardware project, I think.

Comment from Mike the goat (horn equipped) on 2014-06-05 (http://mikethegoat.wordpress.com)
Nick&Clive: I found this page recently, which details an attempt to shoehorn an 80386 into a development board. Thought it would interest y'all.
Comment from Mike the goat (horn equipped) on 2014-06-05 (http://mikethegoat.wordpress.com)
Wael: I agree. My interim solution is to store my secure material on ancient hardware (SPARC) that should be old enough to either predate government interest in IT surveillance or, and more reliably I guess - given its vintage, they wouldn't be able to "silently" compromise such hardware in the way that they can now with nanometer scale tech. The other thing we have in our favor is the political situation back when my SPARC was minted was much different and hopefully interest in COTS hw - particularly obscure stuff likely destined for academia - was not quite as intense. Of course, I am making assumptions and playing the numbers so to speak.

But this isn't a viable long term solution - and using modern hardware in a Faraday cage completely disconnected from the world isn't really an option either.

I - like many - regularly think about this very problem and how we can mitigate it. Obviously the solution lies in building a "verifiable" computer. Unfortunately such a computer is going to be slow by design. That said, look at what Mac did - a nice little GUI and multitasking (well, with AUX - I believe System simply was task switching) and all done on a Motorola 68k.

Bitlocker is fine for Win FDE unless your adversary is a government. If it is then you wouldn't be using proprietary windows software anyways, so TC is fully redundant and should die

No. One of the fine things about TrueCrypt was that it was cross-platform. Believe it or not, there's a lot of people out there that work on more than one OS.

Comment from Wael on 2014-06-04
@Mike the goat,

Basically, we have absolutely no way to validate *anything*. I don't know the answer or the solution to this problem, but I predict that this elephant is going to move from the corner of the room to center stage before too long

Unless one builds everything from scratch, one cannot have full trust in the device. One has to be the root of trust of one's self. Otherwise the problem of trust is a formidable one. I don't believe voting systems can totally solve this problem of trust either, because they can be gamed as well -- one way or another.
Comment from Random on 2014-06-04 (http://crypto.stackexchange.com/q/10776/12164)
At least we can still trust in the math… 1+1=0
Comment from omnichad on 2014-06-04
To anyone making a big deal about ONDREJ TESARIK being listed in the incorporation, it will get you nowhere. http://nvsos.gov/sosentitysearch/CorpDetails.aspx?lx8nvq=djRu2RWGpIESdKlMBbSrDw%253d%253d

Ondrej Tesarik is a registered agent via InCorp Services, Inc, and not actually involved with the Truecrypt group at all. Incorp provides registered agent services to corporations, allowing those like Truecrypt to reveal only this name in public.

Comment from Chris on 2014-06-04
Another (unpopular) theory is that the anonymous Developers managing TrueCrypt were actually part (or on behalf) of NSA... wouldn't this be the biggest joke on the us if TrueCrypt turned out to be a plant...

Seriously though, for anyone who easily dismisses this theory I would ask why the developers remained anonymous and why they abruptly ended the project in the middle of an external audit?

Hopefully this mystery will be put to rest some day...

Comment from Rohobojo on 2014-06-04
If it were planned, they would have said something in advance to warn users. They did not. If they grew tired or bored, why not just say so? If TrueCrypt was no longer going to be supported, why not just say so? Why tell people to stop using TrueCrypt, then tell them to use Bitlocker which cannot be trusted? This was so abrupt and poorly worded that it shouldn't be a surprise people have grown paranoid. Based on appearances alone, it looks as if the development team for TrueCrypt either rabbited because a government agency was breathing down their necks, or they had something to hide, and thus fear, from the audit. The third option, the only other one that fits what we've seen with our own two eyes, is that this is a case of "I'm taking my ball and going home!" which is something that can happen with an emotionally disturbed person. Deleting everything is a strong indication of this being the case. Maybe someone over there didn't feel appreciated enough, that they were being taken for granted, that people should be donating money to them and aren't, that nobody understands them... who knows. Those are the three most likely possibilities IMHO.
Comment from Clive Robinson on 2014-06-04
@ Wael,

Yes, TC's replacement only protecting the "lazy" data at rest would be the starting point.

However whilst adding some low level additions for data in transit would be fairly trivial it becomes problematic, not just because there is not a clear industry API you would use to bring the low level additions into somebody else's comms application, but also due to the side channels from the processing of data from plain text to cipher text and back.

Thus whilst I might be keen to see TC's replacement do file compression/archive and encryption for secure communication/backup, I would not be happy if it encouraged people to break the "air gap" they should be using when processing sensitive data in any way, especially when supposedly secure comms have been shown to suffer from timing attacks for over a decade [1].

The issue of processing data securely has developed a "Holy Grail" feeling about it. Until recent times the assumption was that at best you would only be able to do a small subset of operations without going back to plain text, and even those problematically.

Thus the idea generally followed was to place the crypto between the CPU and main memory, on the incorrect assumption that once inside the CPU chip it was not possible for an attacker to get at the data.

However cache timing side channel attacks on AES [2] in the majority of CPUs made it obvious that such a simple crypto measure was very far from sufficient (the likes of the NSA had known about timing attacks since well before DES). Further as some secure FPGA designs showed getting at the actual KeyMat was possible. Unfortunately KeyMat handling issues are not seen as Sexy-Research, thus there is not much in the way of open community papers on it and those with practical knowledge are usually prevented legally from talking about it.

The simple fact is even if we do get efficient ways to process data whilst encrypted, the chances are practical implementations will in some way leak via side channels information about both the processing and the data.